Hi guys,
A while back on microPledge we ran into a minor issue with webapi.setcookie(),
in that it didn't have an option to set the "secure" flag in the Set-Cookie
header. Cookies marked "secure" are only sent over secure channels, i.e.,
HTTPS.
Simple fix: just add a secure= keyword param to setcookie(). It defaults to
False so it's backwards compatible. Then set that option of the cookie to
True before outputting it as a string. Here's the new code just for
reference:
def setcookie(name, value, expires="", domain=None, secure=False):
"""Sets a cookie."""
if expires < 0:
expires = -1000000000
kargs = {'expires': expires, 'path':'/'}
if domain:
kargs['domain'] = domain
if secure:
kargs['secure'] = True
# @@ should we limit cookies to a different path?
cookie = Cookie.SimpleCookie()
cookie[name] = value
for key, val in kargs.iteritems():
cookie[name][key] = val
header('Set-Cookie', cookie.items()[0][1].OutputString())
Cheers,
Ben.
--
Ben Hoyt, +64 21 331 841
http://www.benhoyt.com/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
